I run a small modest CentOS server at my house for misc backups, etc. My friend on the other side of town also runs a small modest server at his house for similar purposes. We have been toying with the idea of using eachothers servers to do remote/offsite backups.

Basically, we'd each buy an external hdd to store at eachothers homes, hooked up to eachothers servers. Then, we'd each setup scheduled rsync's to push the appropriate data from one server to the external hdd on the other server. Pretty straightforward for the most part.

However, one thing that is important (at least for me) is data encrpytion. I want to store my data on the external hdd on my friends server. But I don't want my friend (or anyone who accesses my friend's server) to be able to read whats on the external hdd.

What is the best approach to this? Can you use rsync to send data to an encrypted hdd drive and somehow pass a passphrase along with the data that it uses to write it once it reaches the server?

A solution like the one you describe above requires sending your encryption key to your friend's machine. If we consider your friend an "untrusted site" you've just blown your security (he can capture the key and read your data).

If you want to be sure your friend can't read your backups you must encrypt the files before you send them (e.g. make a tarball, encrypt it with gpg or similar, then rsync it over), and never give him the key (or enough plaintext to reverse-engineer the key).Note that doing this negates the delta benefits (bandwidth savings) of using rsync: The encrypted file will change substantially each time you make a backup, so you'll probably be copying the whole thing every time.

that is what is nice about Duplicity, it encrypts it before leaving the computer but it is fully capable of doing incremental backups by reading signatures/change lists and what not, that is why I suggested it to him. The first backup will take a long time but after that he will be good to go while maintaining a nice level of security.
–
LumaJul 13 '10 at 18:30